Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ca23713d authored by Mayank Rana's avatar Mayank Rana Committed by Gerrit - the friendly Code Review server
Browse files

xhci: Fix NULL pointer dereference with xhci_irq() for shared_hcd 



Commit ("fe190ed0 xhci: Do not halt the host until both HCD
have disconnected their devices.") sets xhci->shared_hcd to NULL
without stopping xhci host. This results into race condition
where shared_hcd (super speed roothub) related interrupts are
being handled with xhci_irq() and encountering NULL pointer
deference while trying to access xhci->shared_hcd. It also
creates memory leak as usb_put_hcd() API won't be able to call
hcd_release() from xhci_plat_remove() API. Fix these issues by
not setting xhci->shared_hcd with xhci_stop().

Change-Id: I4f6179acf02d44ff8c81566611257c121a8bf28e
Signed-off-by: default avatarMayank Rana <mrana@codeaurora.org>
parent 9bd05f8c

drivers/usb/host/xhci.c

+0 −2
Original line number Diff line number Diff line
@@ -727,8 +727,6 @@ static void xhci_stop(struct usb_hcd *hcd) 


	/* Only halt host and free memory after both hcds are removed */

	if (!usb_hcd_is_primary_hcd(hcd)) {

		/* usb core will free this hcd shortly, unset pointer */

		xhci->shared_hcd = NULL;

		mutex_unlock(&xhci->mutex);

		return;

	}